To: iesg@ietf.org
Cc: dnsop@cafax.se
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 12 Mar 2000 01:22:29 -0000
Sender: owner-dnsop@cafax.se
Subject: Re: Last Call: Root Name Server Operational Requirements to BCP

Scott Bradner has asked me to propose specific changes to opreq. Here's
possible text for the security section:

   3.4 The computers that publish a server's address MUST be secured as
       carefully as the server itself.

       3.4.1 If, for example, clients use an NS record that points to
             the server f.root-servers.net, then the computers that
             control the zone root-servers.net have the power to direct
             those clients to the IP address of a fake server. Those
             computers MUST be secured as carefully as the real server.

       3.4.2 This rule applies recursively. If the address of a server
             is published by one computer, whose address in turn is
             published by another computer, then this last computer MUST
             be secured too; and so on.

       3.4.3 Administrators are encouraged to avoid this situation. One
             good way to avoid NS dependencies is to make each NS record
             point to a name in the (child) zone that contains the NS
             record. Note that this strategy will assign several names
             to one IP address when one server handles several zones.

Does anyone know why root-servers.net and gtld-servers.net weren't kept
within the .net zone in the first place?

---Dan
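
Added example, not part of the message above and not code from its author: a small Python sketch of the audit that proposed rules 3.4.2 and 3.4.3 imply, computing the transitive set of servers a zone depends on and listing NS names that sit outside the zone. The function names and the zone table are hypothetical, and all names are constructed sample data under the reserved .example TLD.

```python
# Added illustration. All zone and server names below are constructed sample
# data under the reserved .example TLD, not real DNS records.
DELEGATIONS = {  # zone -> host names in its NS records
    "shop.example.": ["ns1.dns-host.example.", "ns2.dns-host.example."],
    "dns-host.example.": ["ns.registrar-dns.example."],
    "registrar-dns.example.": ["a.registrar-dns.example."],
    "selfhosted.example.": ["a.ns.selfhosted.example.", "b.ns.selfhosted.example."],
}

def enclosing_zone(name, delegations):
    """Closest zone in the table that contains `name` (match on label boundaries)."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in delegations:
            return candidate
    return None  # address is published somewhere outside the data we have

def must_secure(zone, delegations):
    """Rule 3.4.2 as a transitive closure: the servers of `zone`, the servers of
    every zone that publishes one of their addresses, and so on.
    Simplification: the parent delegation chain up to the root is not modelled."""
    servers, visited, pending = set(), set(), [zone]
    while pending:
        current = pending.pop()
        if current in visited:
            continue  # dependency loops are common; visit each zone once
        visited.add(current)
        for ns in delegations.get(current, []):
            servers.add(ns)
            publisher = enclosing_zone(ns, delegations)
            if publisher is not None:
                pending.append(publisher)
    return servers, visited

def external_ns(zone, delegations):
    """NS names outside `zone` itself, i.e. what 3.4.3 advises avoiding."""
    return [ns for ns in delegations[zone] if not ns.endswith("." + zone)]

if __name__ == "__main__":
    for z in ("shop.example.", "selfhosted.example."):
        servers, zones = must_secure(z, DELEGATIONS)
        print(z, "->", len(servers), "servers in", len(zones), "zones;",
              "external NS:", external_ns(z, DELEGATIONS))
```

In the sample data, the zone with out-of-zone NS names pulls in two additional zones and their servers, while the zone following 3.4.3 depends only on its own servers.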